Security Vulnerability Announcement: HTML_QuickForm

A vulnerability in the HTML_QuickForm package has been found which potentially allows remote code execution.

A new release of the package is available which fixes this issue. One is strongly encouraged to upgrade to it by using:

$ pear upgrade HTML_QuickForm-3.2.15

Thanks to Patrick Fingle and the CiviCRM Security Team who reported this issue.

CVECVE-2018-1999022

This entry was posted in Security. Bookmark the permalink.